Analysis
max time kernel: 147s
max time network: 68s
platform: windows10-2004_x64
resource: win10v2004-20231222-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
submitted: 29/12/2023, 22:50
Static task: static1 (1 signatures)
Behavioral task: behavioral1
  Sample: 062131b40a28b1a0de6011f6ebc535ab.exe
  Resource: win7-20231215-en
  8 signatures, 150 seconds
Behavioral task: behavioral2
  Sample: 062131b40a28b1a0de6011f6ebc535ab.exe
  Resource: win10v2004-20231222-en
  6 signatures, 150 seconds
General
Target: 062131b40a28b1a0de6011f6ebc535ab.exe
Size: 385KB
MD5: 062131b40a28b1a0de6011f6ebc535ab
SHA1: 687e5fc318840ea593544bd3973a7a834691b0a5
SHA256: 045f7a020c46fd87b00ac1b03ad6e00836ea4e0abb4207f8cb1b1650b198a082
SHA512: 10536a60517d8ae24e0631099ec3019f88167cebf01c0e2c8b44d7ef3e577065c1f93602263af994b6ed9b26180e9089fd7da6c2fd1b6ed3d864ff8b4c3d120e
SSDEEP: 12288:ivpfY5M4+RxEMrv91reF8Y0XRXpERDbqYDB:ivpfY5MnW8vrCZ0XRSlZB
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid   Process
  3860  062131b40a28b1a0de6011f6ebc535ab.exe
Executes dropped EXE (1 IoCs)
  pid   Process
  3860  062131b40a28b1a0de6011f6ebc535ab.exe
Legitimate hosting services abused for malware hosting/C2 (1 TTPs)
Suspicious behavior: RenamesItself (1 IoCs)
  pid   Process
  2984  062131b40a28b1a0de6011f6ebc535ab.exe
Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2984  062131b40a28b1a0de6011f6ebc535ab.exe
  3860  062131b40a28b1a0de6011f6ebc535ab.exe
Suspicious use of WriteProcessMemory (3 IoCs)
  description                        pid   Process                               procid_target
  PID 2984 wrote to memory of 3860   2984  062131b40a28b1a0de6011f6ebc535ab.exe  21
  PID 2984 wrote to memory of 3860   2984  062131b40a28b1a0de6011f6ebc535ab.exe  21
  PID 2984 wrote to memory of 3860   2984  062131b40a28b1a0de6011f6ebc535ab.exe  21
Processes
C:\Users\Admin\AppData\Local\Temp\062131b40a28b1a0de6011f6ebc535ab.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\062131b40a28b1a0de6011f6ebc535ab.exe"
  PID: 2984
  - Suspicious behavior: RenamesItself
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\062131b40a28b1a0de6011f6ebc535ab.exe (child of PID 2984)
    Command line: C:\Users\Admin\AppData\Local\Temp\062131b40a28b1a0de6011f6ebc535ab.exe
    PID: 3860
    - Deletes itself
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage